Syed Jahanzaib Personal Blog to Share Knowledge !

November 27, 2013

DVR/CCTV & Browser Compatibility issue

Filed under: General IT Related — Tags: , , , , , — Syed Jahanzaib / Pinochio~:) @ 1:19 PM

From past few weeks we were having issues accessing our DVR systems from the Internet. The problem was that only when authentication dialogue appears, and after entering credentials , nothing appears further , no video nothing else, seems like connection going in sink hole.

As showed in the images below . . .

Login screen appear but with no background or complete logo

cctv1.

But after entering credentials, no video or any thing else came except for blank screen or with no video.

cctv2

 

First we thought it might be something with the port forwarding , so first we did some investigation and found nothing, so called a Cisco Support personnel, and he also did some checking and found nothing.

Then we suspect our ISP and lounged complain regarding possible content filtering, but they claimed none of any traffic is filtered in corporate networks except VOIP.

We called the DVR support team and they claimed everything is fine at there DVR systems (nooobs :p)
Later on I configured an Mikrotik Routerboard in parallel just to verify that nothing is wrong  with the Cisco ASA firewall.

After searching on Google, I found out that it is something related to browser compatibility issues with the ACTIVEX component of the DVR manufacturer. But I was unable to sort it out completely. Luckily a friend from PORTUGAL (Mr. Rui Oliveria) confirmed me about the browser compatibility issue, and recommended me to run Browser (Internet Explorer 10) in IE9 mode. and ALHAMDOLILLAH it worked without any issue.

As showed in the image below . . .

cctv3-final.

.

Alternate way to launch Internet Explorer 10 in IE-9 mode via shortcut

To launch Internet Explorer 10 in IE9 mode, create a HTML file (you can use simple ntoepad to copy paste following code, and save it with IE9.html )

Copy paste the code from following pastebin location (WordPress is not good with pasting html codes)

http://pastebin.com/Uw9N9h94

Now double click this file and IE10 will be launch in IE9 mode. You can modify it as per your requirements.

.

You can use IETAB for Google Chrome & Firefox to view the DVR system.

.

Regard’s
Syed Jahanzaib

 

Advertisements

23 Comments »

  1. Aoa,

    you have to forward 2 or 3 ports from modem

    1- http that is 80 port
    2- second is straming port by default its 554
    3- This is control port and its vendor depended basically its acpi port, for HIKVISION its default is 8000

    i suggest you to forward 554 port as well and it should work on all browsers without any tweak.

    Thanks

    Basit Khan
    AMB NET SOLUTIONS
    http://www.basitkhan.info

    Like

    Comment by Basit Khan — November 28, 2013 @ 9:08 AM

    • Thank you for your TIP. unfortunately this DVR donot work with RTSP port which 554 by default. It uses only port 80 and 8001 TCP. We confirmed it several time by tracing from router, and by packet tracert WIRESHARK, Both are forwarded from the router to DVR but not working, We have another 3rd party IP base camera which uses port 80/800x/554 port and it works fine without any issue,, Only specific DVR have issues.

      Like

      Comment by Syed Jahanzaib / Pinochio~:) — November 28, 2013 @ 9:11 AM

      • Sir, mene apnay network mein dvr lagaya hai per wo bina hotspot login keye saray network per kahin bhi dvr k software k through access ho jata hai aur cams feed show ho jaty hai. kindly is ka koi solution bta dein takay sirf hotspot login ya pppoe authenticate honay k baad dvr access ho.

        Like

        Comment by nasir — December 24, 2013 @ 6:10 PM

      • use PPOE dialer from your DVR instead of DHCP. hope this will fixed your problem !

        Like

        Comment by Basit Khan — December 26, 2013 @ 10:28 AM

      • sir kuch dvr pppoe pe connect nhi hotay, masla ye hai k agar meray customers mein se koi bhi apna dvr hotspot pe lagata hai to wo saray city mein kahin bhi access ker leta hai kuyn k meray network ki coverage alomost city mein har jaga hai, hotspot to aik session hi create kerta hai per username, problem ye hai k agar dvr conected hai meray network se chaye login nhi howa phir bhi wo network access kerta hai is ko kesay block ker saktay hai takay sirf hotspot login honay k baad hi network access ho, shaihd ye dvr koi aisi port use kerta hai jesay hotspot block nhi kerta login se pehlay, sir kiya koi aisi firewall script hai jo hotspot pe login honay se pehlay sari ports ko block keray aur hotspot login page pe redirect keray or atleast block ker de? kindly help me, mene khud bhi check ker liya hai dvr laga k har jaga access ho jata hai.

        Like

        Comment by nasir — December 26, 2013 @ 5:55 PM

  2. shahzaib bhai mere mikrotik ke server mein trojan horse ka virus aa gaya hai usko kaise remove karna hai…

    Like

    Comment by Shahab Khan — December 5, 2013 @ 5:13 PM

  3. Just copy and paste these rules in Net Terminal,
    It will keep your MkTik protect from various attacks

    /ip firewall filter
    add chain=icmp comment=”echo reply” icmp-options=0:0 protocol=icmp
    add chain=icmp comment=”allow parameter bad” icmp-options=12:0 protocol=icmp
    add chain=icmp comment=”net unreachable” icmp-options=3:0 protocol=icmp
    add chain=icmp comment=”host unreachable” icmp-options=3:1 protocol=icmp
    add chain=icmp comment=”allow source quench” icmp-options=4:0 protocol=icmp
    add chain=icmp comment=”allow time exceed” icmp-options=11:0 protocol=icmp
    add chain=icmp comment=”allow echo request” icmp-options=8:0 protocol=icmp
    add action=drop chain=icmp comment=”deny all other types”
    add action=drop chain=input comment=”drop ftp brute forcers” dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
    add chain=output content=”530 Login incorrect” dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content=”530 Login incorrect” \
    protocol=tcp
    add action=drop chain=input comment=”drop ssh brute forcers” dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
    add action=drop chain=forward comment=”drop ssh brute downstream” dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”Port scanners to list ” \
    protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”NMAP FIN Stealth scan” \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”SYN/FIN scan” protocol=tcp \
    tcp-flags=fin,syn
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”SYN/RST scan” protocol=tcp \
    tcp-flags=syn,rst
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”FIN/PSH/URG scan” protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”ALL/ALL scan” protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”NMAP NULL scan” protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment=”dropping port scanners” \
    src-address-list=”port scanners”
    add action=drop chain=forward comment=”dropping port scanners” \
    src-address-list=”port scanners”
    add action=drop chain=input comment=”Drop Invalid connections” \
    connection-state=invalid
    add chain=input comment=”Allow Established connections” connection-state=\
    established
    add action=drop chain=forward comment=”drop invalid connections” \
    connection-state=invalid
    add chain=forward comment=”allow already established connections” \
    connection-state=established
    add chain=forward comment=”allow related connections” connection-state=\
    related
    add action=drop chain=forward comment=”Block Bogon IP addresses” src-address=\
    0.0.0.0/8
    add action=drop chain=forward dst-address=0.0.0.0/8
    add action=drop chain=forward src-address=127.0.0.0/8
    add action=drop chain=forward dst-address=127.0.0.0/8
    add action=drop chain=forward src-address=224.0.0.0/3
    add action=drop chain=forward dst-address=224.0.0.0/3
    add action=jump chain=forward comment=”Make jumps to new chains” jump-target=\
    tcp protocol=tcp
    add action=jump chain=forward jump-target=udp protocol=udp
    add action=jump chain=forward jump-target=icmp protocol=icmp
    add action=drop chain=tcp comment=”deny TFTP” dst-port=69 protocol=tcp
    add action=drop chain=tcp comment=”deny RPC portmapper” dst-port=111 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny RPC portmapper” dst-port=135 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny NBT” dst-port=137-139 protocol=tcp
    add action=drop chain=tcp comment=”deny cifs” dst-port=445 protocol=tcp
    add action=drop chain=tcp comment=”deny NFS” dst-port=2049 protocol=tcp
    add action=drop chain=tcp comment=”deny NetBus” dst-port=12345-12346 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny NetBus” dst-port=20034 protocol=tcp
    add action=drop chain=tcp comment=”deny BackOriffice” dst-port=3133 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny DHCP” dst-port=67-68 protocol=tcp
    add action=drop chain=udp comment=”deny TFTP” dst-port=69 protocol=udp
    add action=drop chain=udp comment=”deny PRC portmapper” dst-port=111 \
    protocol=udp
    add action=drop chain=udp comment=”deny PRC portmapper” dst-port=135 \
    protocol=udp
    add action=drop chain=udp comment=”deny NBT” dst-port=137-139 protocol=udp
    add action=drop chain=udp comment=”deny NFS” dst-port=2049 protocol=udp
    add action=drop chain=udp comment=”deny BackOriffice” dst-port=3133 protocol=\
    udp

    Like

    Comment by Basit Khan — December 6, 2013 @ 1:11 PM

  4. Just Copy and Past these rules into New Terminal,
    This will protect your Box from various attacks.

    /ip firewall filter
    add chain=icmp comment=”echo reply” icmp-options=0:0 protocol=icmp
    add chain=icmp comment=”allow parameter bad” icmp-options=12:0 protocol=icmp
    add chain=icmp comment=”net unreachable” icmp-options=3:0 protocol=icmp
    add chain=icmp comment=”host unreachable” icmp-options=3:1 protocol=icmp
    add chain=icmp comment=”allow source quench” icmp-options=4:0 protocol=icmp
    add chain=icmp comment=”allow time exceed” icmp-options=11:0 protocol=icmp
    add chain=icmp comment=”allow echo request” icmp-options=8:0 protocol=icmp
    add action=drop chain=icmp comment=”deny all other types”
    add action=drop chain=input comment=”drop ftp brute forcers” dst-port=21 \
    protocol=tcp src-address-list=ftp_blacklist
    add chain=output content=”530 Login incorrect” dst-limit=\
    1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=ftp_blacklist \
    address-list-timeout=3h chain=output content=”530 Login incorrect” \
    protocol=tcp
    add action=drop chain=input comment=”drop ssh brute forcers” dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=22 \
    protocol=tcp
    add action=drop chain=forward comment=”drop ssh brute downstream” dst-port=22 \
    protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”Port scanners to list ” \
    protocol=tcp psd=21,3s,3,1
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”NMAP FIN Stealth scan” \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”SYN/FIN scan” protocol=tcp \
    tcp-flags=fin,syn
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”SYN/RST scan” protocol=tcp \
    tcp-flags=syn,rst
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”FIN/PSH/URG scan” protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”ALL/ALL scan” protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
    add action=add-src-to-address-list address-list=”port scanners” \
    address-list-timeout=2w chain=input comment=”NMAP NULL scan” protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    add action=drop chain=input comment=”dropping port scanners” \
    src-address-list=”port scanners”
    add action=drop chain=forward comment=”dropping port scanners” \
    src-address-list=”port scanners”
    add action=drop chain=input comment=”Drop Invalid connections” \
    connection-state=invalid
    add chain=input comment=”Allow Established connections” connection-state=\
    established
    add action=drop chain=forward comment=”drop invalid connections” \
    connection-state=invalid
    add chain=forward comment=”allow already established connections” \
    connection-state=established
    add chain=forward comment=”allow related connections” connection-state=\
    related
    add action=drop chain=forward comment=”Block Bogon IP addresses” src-address=\
    0.0.0.0/8
    add action=drop chain=forward dst-address=0.0.0.0/8
    add action=drop chain=forward src-address=127.0.0.0/8
    add action=drop chain=forward dst-address=127.0.0.0/8
    add action=drop chain=forward src-address=224.0.0.0/3
    add action=drop chain=forward dst-address=224.0.0.0/3
    add action=jump chain=forward comment=”Make jumps to new chains” jump-target=\
    tcp protocol=tcp
    add action=jump chain=forward jump-target=udp protocol=udp
    add action=jump chain=forward jump-target=icmp protocol=icmp
    add action=drop chain=tcp comment=”deny TFTP” dst-port=69 protocol=tcp
    add action=drop chain=tcp comment=”deny RPC portmapper” dst-port=111 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny RPC portmapper” dst-port=135 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny NBT” dst-port=137-139 protocol=tcp
    add action=drop chain=tcp comment=”deny cifs” dst-port=445 protocol=tcp
    add action=drop chain=tcp comment=”deny NFS” dst-port=2049 protocol=tcp
    add action=drop chain=tcp comment=”deny NetBus” dst-port=12345-12346 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny NetBus” dst-port=20034 protocol=tcp
    add action=drop chain=tcp comment=”deny BackOriffice” dst-port=3133 \
    protocol=tcp
    add action=drop chain=tcp comment=”deny DHCP” dst-port=67-68 protocol=tcp
    add action=drop chain=udp comment=”deny TFTP” dst-port=69 protocol=udp
    add action=drop chain=udp comment=”deny PRC portmapper” dst-port=111 \
    protocol=udp
    add action=drop chain=udp comment=”deny PRC portmapper” dst-port=135 \
    protocol=udp
    add action=drop chain=udp comment=”deny NBT” dst-port=137-139 protocol=udp
    add action=drop chain=udp comment=”deny NFS” dst-port=2049 protocol=udp
    add action=drop chain=udp comment=”deny BackOriffice” dst-port=3133 protocol=\
    udp

    Thankx

    Like

    Comment by Basit Khan — December 6, 2013 @ 1:13 PM

  5. shukriya aap sab ka lekin yeh sab save kaise ho ga

    Like

    Comment by Shahab Khan — December 9, 2013 @ 1:39 PM

  6. NO need to save, just copy and paste these lines into New Terminal, it will save automatically

    Like

    Comment by Basit Khan — December 10, 2013 @ 8:39 AM

  7. but this is not working trojan horse is still in my server…

    Like

    Comment by Shahab Khan — December 10, 2013 @ 10:00 AM

    • Bro, will you please let me know how you check that the trojan horse is still in server?

      go to Winbox—>IP—>Firewall—->Address List and check that are there any list created dynamically?

      It might be possible that the trojan is present into your local system rather than your server. coz there is nothing to do a Trojan in server because of Linux has permission attribute on each and every file of it,
      furthermore the Mikrtoik server is closed source so they keep the root privileges and other user programs can’t change anything or any settings.

      Like

      Comment by Basit Khan — December 11, 2013 @ 1:00 PM

  8. no bro there is no list created but when i open login page on client computer which has installed avast 7.0 pro that says trojan has detected and blocked my login page….this is the problem

    Like

    Comment by Shahab Khan — December 11, 2013 @ 3:49 PM

    • ooh i c, its the hotspot website error, just reset the html pages from Hotspot menu and then try again!

      Like

      Comment by Basit Khan — December 11, 2013 @ 3:51 PM

  9. kindly tell me how to reset because i am new in this field….thanks

    Like

    Comment by Shahab Khan — December 11, 2013 @ 4:51 PM

  10. you guys are very nice thanks for helping me..\

    Like

    Comment by Shahab Khan — December 12, 2013 @ 2:58 PM

  11. bhai koi aisa proxy ip jo youtube sahi open kare aur rukkay na download bhi ho aur isko hotspot mein kaise add karein gay

    Like

    Comment by chillnmasty — December 15, 2013 @ 10:08 PM

  12. Mera HK Vision ka DVR bahir say connect horahay hay Playback bhi show kar raha hay main recording dekh sakta hon bahir say apnay office kay CCTV ki bit live streaming nahin kar pa raha plz help?????? sari ports open hain meray office ki aik hi static IP hay wohi main CCTV kay lye use kar raha hon can anyone help plzzzz!!!

    Like

    Comment by adnanmalikaaa — June 4, 2015 @ 6:14 PM

  13. Sir i have a dvr in my home which is connected to my router via 70 meter long cat 6 cable. when we set these cabling and port forwarding in router it was working properly i can access dvr via lan but after 2-3 days its not working. I changed router 2 to 3 time but every router works only 2-3 days. .
    when these same cable directly connected to my laptop i can access my dvr. it shows cabling is fine.
    I think it might be a POE issue on router. currently i am using edimax br6228ns as my home router.
    Do i need to install POE switch in between router and dvr ? or any home router that support 70 meter long lan cable. if yes then please provide device name model no.
    please provide solution for above issue.

    Like

    Comment by Shitesh — June 27, 2015 @ 6:05 PM

  14. Sir any update regarding my above issue posted on { Comment by Shitesh — June 27, 2015 @ 6:05 PM }

    Like

    Comment by shitesh — July 4, 2015 @ 5:07 PM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: